Lead Image © Igor Stevanovic, 123RF.com

Digital signatures in package management

Package Insurance

Article from ADMIN 38/2017
Serious distributions try to protect their repositories cryptographically against tampering and transmission errors. Arch Linux, Debian, Fedora, openSUSE, and Ubuntu all take different, complex, but conceptually similar approaches.

Many distributions develop, test, build, and distribute their software via a heterogeneous zoo of servers, mirrors, and workstations that make central management and protection of the end product almost impossible. In terms of personnel, distributions also depend on the collaboration of a severely limited number of international helpers. This technical and human diversity opens a wide door for external and internal attackers who seek to infect popular distribution packages with malware. During updates, hundreds of thousands of Linux machines would then download and install the poisoned software with root privileges. The damage could hardly be greater.

The danger is less abstract than some might think. Repeatedly in the past, projects have had to take down one or more servers after hacker attacks. All the major distributions (at least) are correspondingly motivated to protect themselves from planted packages, and their protection boils down to two actions: one simple and one cryptographic.

Advanced Mathematics

Armed with a checksum, users can determine whether a package has passed through the Internet without error. The MD5, SHA1, and SHA256 hash methods are popular ways to calculate a checksum for a package.

Because checksums provide no protection against intentional tampering, Arch Linux and Debian and its derivatives also sign their packages and repositories. They naturally use public key cryptography to do so. The basis is a key pair. Using the private key, which is kept safely, the project team signs the new packages or the repository. With the public key, which is accessible to everyone through the distribution sites and installation media, users can check whether the signature originates from the owner of the private key and thus comes from the project.
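The difference between the two actions, as an added example that is not part of the original article: a mirror that can swap a package can also republish a matching checksum, but it cannot produce a valid signature without the private key. The key here is a toy textbook-RSA key built from two publicly known Mersenne primes (an assumption for illustration, insecure, standing in for the OpenPGP keys the distributions use), and the package bytes and function names are constructed.

```python
import hashlib

# Toy textbook-RSA key (assumption, insecure): two publicly known Mersenne primes.
# It stands in for the OpenPGP key a distribution would really use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, shipped to users
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, held by the project


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Project side: sign the SHA-256 digest with the private key."""
    return pow(digest_int(data), D, N)


def checksum_ok(package: bytes, published_sha256: str) -> bool:
    """Client side: catches transmission errors only."""
    return hashlib.sha256(package).hexdigest() == published_sha256


def signature_ok(package: bytes, signature: int) -> bool:
    """Client side: verify using nothing but the public key."""
    return pow(signature, E, N) == digest_int(package)


def fetch_from_mirror(tampered: bool):
    """Constructed scenario: a mirror serves package, checksum and signature."""
    original = b"hello-1.0 package payload (constructed sample)"
    sig = sign(original)                 # created by the project before upload
    package = original
    if tampered:
        # Whoever can swap the package can also regenerate the checksum,
        # but cannot create a new signature without the private key.
        package = original + b" + planted code"
    published = hashlib.sha256(package).hexdigest()
    return package, published, sig


def verify_download(tampered: bool) -> dict:
    package, published, sig = fetch_from_mirror(tampered)
    return {"checksum": checksum_ok(package, published),
            "signature": signature_ok(package, sig)}


if __name__ == "__main__":
    print("clean mirror:   ", verify_download(False))
    print("tampered mirror:", verify_download(True))
```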

Secrecy

To improve security, some distributions rely on a

...